UK and US develop new global guidelines for AI security


The very latest guidelines for secure AI system development will aid developers of any systems that use AI to make informed cyber security decisions at every stage of the development process.

Agencies from 18 countries, including the US, endorse new UK-developed guidelines on AI cyber security. This is another example that demonstrates the renowned education, knowledge and power the UK holds when it comes to defending against potential cyber-attacks.

The UK proves to be a leader in terms of its prioritisation of Big Data Analytics (BDA), with frequent big data analytics conferences and events taking place across the country.

The guideline contributors

Guidelines for Secure AI System Development, led by and developed with the US’s Cybersecurity and Infrastructure Security Agency (CISA), build on guidelines from the AI Safety Summit, to establish a commitment to global collaboration on AI. Written in partnership with industry, the guidelines advise developers on the security of AI systems. Joining the collaborative force behind the UK-led guidelines are industry experts and 21 other international agencies and ministries from across the world. These also include those from all members of the G7 group of nations and the Global South. Within the past few days, the UK has published the guidelines to ensure the secure development of AI technology. In a testament to the UK’s leadership in AI safety, agencies from 17 other countries have confirmed they will endorse and co-seal the new guidelines.

Guideline aims

The essential guidelines aim to drastically raise the cyber security levels of artificial intelligence and help ensure that AI systems are designed, developed, and deployed securely. The more education companies deploy to AI users, the more equipped they will be to defend against and avoid any possibility of cyber-security breaches. Raising the profile of big data analytics is a welcome move.

UK guidelines set a new precedent

The new, precedential UK-led guidelines are the first of their kind to be agreed globally. They will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process – whether those systems have been created from scratch or built on top of tools and services provided by others.

The guidelines help developers to ensure that cyber security is both an essential pre-condition of AI system safety and integral to the development process from the outset and throughout, known as a ‘secure by design’ approach.

What is a secure by design approach?

The innovative approach is centred around core principles, which its users must meet. These include:

  • Cyber security risk responsibility and accountability
  • Source and implement secure technology products
  • Designing and implementing usable security controls
  • All users executing a risk-driven approach
  • Minimise the scope of future attacks
  • Defend thoroughly
  • Embed and commit to continuous assurance against threat
  • Securely and rapidly make changes where necessary

This isn’t an exhaustive list. More in-depth information on each principle can be found in the secure by design principles.

The CEO of the NCSC

Lindy Cameron said:

“We know that AI is developing at a phenomenal pace and there is a need for concerted international action, across governments and industry, to keep up.

These guidelines mark a significant step in shaping a truly global, common understanding of the cyber risks and mitigation strategies around AI to ensure that security is not a postscript to development but a core requirement throughout.

I’m proud that the NCSC is leading crucial efforts to raise the AI cyber security bar: a more secure global cyberspace will help us all to safely and confidently realise this technology’s wonderful opportunities.”

Speaking at a keynote speech at Chatham House in June, NCSC CEO Lindy Cameron warned about the perils of retrofitting security into AI systems in years to come, stressing the need to bake security into AI systems as they are developed, and not as an afterthought.

These guidelines are intended as a global, multi-stakeholder effort to address that issue, building on the UK Government’s AI Safety Summit’s legacy of sustained international cooperation on AI risks.

Similar words from the CISA Director

Jen Easterly said:

“This joint effort reaffirms our mission to protect critical infrastructure and reinforces the importance of international partnership in securing our digital future.”

Science and Technology Secretary explaining the role of the UK

Michelle Donelan went on to similarly relay the sentiment of the UK’s monumental involvement.

“I believe the UK is an international standard bearer on the safe use of AI. The NCSC’s publication of these new guidelines will put cyber security at the heart of AI development at every stage so protecting against risk is considered throughout.”

As echoed by the Secretary of Homeland Security, Alejandro Mayorkas,
“We are at an inflection point in the development of artificial intelligence, which may well be the most consequential technology of our time. Cyber security is key to building AI systems that are safe, secure, and trustworthy.

“Through global action like these guidelines, we can lead the world in harnessing the benefits while addressing the potential harms of this pioneering technology.”

The guidelines: four key areas

The guidelines are broken down into four key areas – secure design, secure development, secure deployment, and secure operation and maintenance. For each key area, there are accompanying suggested behaviours, which aim to help improve security.

The guidelines can be accessed via the NCSC website, alongside an article from key NCSC officials who worked on the project itself.

The full list of international signatories

As previously mentioned, agencies from 18 countries have agreed to endorse and co-seal the new guidelines. They are listed below:

Australia – Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)

Canada – Canadian Centre for Cyber Security (CCCS)

Chile – Chile’s Government CSIRT

Czechia – Czechia’s National Cyber and Information Security Agency (NUKIB)

Estonia – Information System Authority of Estonia (RIA) and National Cyber Security Centre of Estonia (NCSC-EE)

France – French Cybersecurity Agency (ANSSI)

Germany – Germany’s Federal Office for Information Security (BSI)

Israel – Israeli National Cyber Directorate (INCD)

Italy – Italian National Cybersecurity Agency (ACN)

Japan – Japan’s National Centre of Incident Readiness and Strategy for Cybersecurity (NISC); Japan’s Secretariat of Science, Technology and Innovation Policy, Cabinet Office

New Zealand – New Zealand National Cyber Security Centre

Nigeria – Nigeria’s National Information Technology Development Agency (NITDA)

Norway – Norwegian National Cyber Security Centre (NCSC-NO)

Poland – Poland’s NASK National Research Institute (NASK)

Republic of Korea – Republic of Korea National Intelligence Service (NIS)

Singapore – Cyber Security Agency of Singapore (CSA)

United Kingdom of Great Britain and Northern Ireland – National Cyber Security Centre (NCSC)

United States of America – Cybersecurity and Infrastructure Security Agency (CISA); National Security Agency (NSA); Federal Bureau of Investigation (FBI)